: Secure Kubernetes Services on Azure
Focus
Focus

Secure Kubernetes Services on Azure

Table of Contents

Secure Kubernetes Services on Azure

Learn how to configure the Azure plugin on Panorama to manage VM-Series firewalls in AKS deployments.
To secure Azure Kubernetes services, you must first install the Azure plugin on Panorama and configure an Azure Secure Kubernetes Services on Azure deployment. The Azure plugin for Panorama supports tag-based VM monitoring and Secure Kubernetes Services on Azure, secures inbound traffic for Azure Kubernetes Services (AKS) clusters, and monitors outbound traffic from AKS clusters. The Panorama orchestrated deployment allows you to leverage Azure auto scale metrics and the scale-in and scale-out thresholds to manage surges in demand for application workload resources by independently scaling the VM-Series firewalls.
To secure inbound traffic for your AKS cluster, you must first Secure Kubernetes Services on Azure. The Panorama orchestrated deployment works with Secure Kubernetes Services on Azure to gather information about your network and resources, then create an auto-scaling tier of VM-Series firewalls for either Secure Kubernetes Services on Azure deployments. See the Palo Alto Networks Compatibility Matrix, to verify the minimum OS, plugin, and template versions required to secure AKS clusters.
Palo Alto Networks provides an AKS template that deploys an Azure Kubernetes Service (AKS) cluster in a new Azure VNet. The Azure plugin on Panorama helps you set up a connection which can monitor Azure Kubernetes cluster workloads, harvesting services you have annotated as “internal load balancer” and creating tags you can use in dynamic address groups. You can leverage Panorama dynamic address groups to apply security policy on inbound traffic routed to services running on your AKS cluster.